Vulnerabilities > Thycotic

DATE CVE VULNERABILITY TITLE RISK
2021-10-01 CVE-2021-41845 SQL Injection vulnerability in Thycotic Secret Server 10.9.000032
A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007.
network
low complexity
thycotic CWE-89
6.5
2021-06-11 CVE-2021-34679 Unspecified vulnerability in Thycotic Password Reset Server
Thycotic Password Reset Server before 5.3.0 allows credential disclosure.
network
low complexity
thycotic
7.5
2019-10-23 CVE-2019-18357 Cross-site Scripting vulnerability in Thycotic Secret Server
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).
network
low complexity
thycotic CWE-79
6.1
2019-10-23 CVE-2019-18356 Cross-site Scripting vulnerability in Thycotic Secret Server
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).
network
low complexity
thycotic CWE-79
6.1
2019-10-23 CVE-2019-18355 Server-Side Request Forgery (SSRF) vulnerability in Thycotic Secret Server
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
network
low complexity
thycotic CWE-918
critical
9.8
2018-03-09 CVE-2014-4861 Credentials Management vulnerability in Thycotic Secret Server
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.
network
low complexity
thycotic CWE-255
critical
9.8
2017-07-29 CVE-2017-11725 Open Redirect vulnerability in Thycotic Secret Server
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.
network
low complexity
thycotic CWE-601
5.4